c8b28391ba0521a49e28908c61d9c962[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c8b28391ba0521a49e28908c61d9c962.zip
Size

58KB
MD5

1aad636eda283aa7dc3b0a2c5fa996ee
SHA1

cec030382199d84520d091a1ef9674a96326afe3
SHA256

6645fa10df22f1737d2f9e2f36d1c07fd530fa44eae9f1306bcff383c8fdb7e3
SHA512

f9beb28eceec9b149ca629905840a4f5b151a722ce22021957155f62ba355cd2955cf6dfa4e80ee5973b0e821f3d702fa740bf52a088ff065c9eff1c022b723e
SSDEEP

1536:tErvm9tsBQZkIoOrQvats+rS+CYP/m46Pf:yvm3HkIoOsvSs/jq/7ef

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/7dab1f28710f7de091a2123d583bc4830a9b61b7e5150d6984cd41bf7f0a8dfa

Files

c8b28391ba0521a49e28908c61d9c962.zip
.zip

Password: infected
7dab1f28710f7de091a2123d583bc4830a9b61b7e5150d6984cd41bf7f0a8dfa
.exe windows:5 windows x86 arch:x86

b892955ae494fe908bdf52e81e1dfa4c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
GetProcAddress
VirtualAlloc
VirtualFree
VirtualProtect

user32

EndPaint

advapi32

RegCloseKey

shell32

ShellExecuteA

ws2_32

WSAStartup

iphlpapi

GetAdaptersAddresses

Sections

HSUDHUHW
Size: - Virtual size: 148KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

HSUDHUHW
Size: 57KB - Virtual size: 60KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE